msec-7----Page:5
1 2 3 4 5
|
Pasi Comment 3 3) Appendix A.2 seems to suggest that GKM can also set up unicast IPsec SAs? ("However, the unicast inverse flows can use the group's IPsec group authentication mechanism.") This text needs clarification. Response: One of the use cases is NORM, which does multicast from the Group Speaker to the Group Receivers, and unicast from Group Receiver(s) to the Group Speaker. The unicast messages include NACK repair requests, congestion control metering, and other session control messages. Pasi replies that “the important thing to mention (if it is really the case) is that GKM can create unicast SAs. This complicates several things, such as SPI selection (which would need to be coordinated with the unicast key management subsystem). Currently, the draft does not seem to consider these issues. Action: Authors will explicitly mention the NORM use case Authors will discuss the implications of creating unicast SAs. |